Our Security Pledge
At DulyPaid, we understand that your financial data is your business's lifeline. That's why we've made it our priority to ensure the utmost security, reliability, and data privacy for our clients.
Our Expert Team
Our engineering team is composed of seasoned professionals with experience working at leading tech giants such as Amazon and Meta. We leverage this experience to build and maintain a secure, robust, and reliable infrastructure for your A/R needs.
World-Class Infrastructure & Platform
Our software is hosted on secure Amazon Web Services (AWS) cloud infrastructure. We deploy all of our services/servers in AWS's US-based data centers (East coast).
Secure AWS Cloud Infrastructure
AWS's world-class, highly secure data centers utilize state-of-the-art electronic surveillance and multi-factor access control systems. Data centers are staffed 24x7 and access is authorized strictly on a least-privilege basis.
Data Encryption & Protection
All data, whether at rest or in transit, is encrypted using advanced encryption standards. This ensures your sensitive information remains secure at every stage of the process. AWS offers a variety of options for encrypting data at rest and in transit, including AWS Key Management Service. We use these security and encryption features offered by AWS to keep your data secure and encrypted.
More about AWS data protection
AWS Network Firewalls
Built into Amazon VPC are network firewalls that allow you to create private networks within AWS. We use inbound and outbound filtering at the instance and subnet level to keep our network infrastructure secure and prevent unauthorised access.
More about AWS network firewalls
AWS Compliance
AWS has achieved a number of internationally recognized certifications and accreditations, demonstrating compliance with third-party assurance frameworks such as ISO 27001, ISO 27017, ISO 27018, SOC 1/2/3, and many others.
In addition, AWS supports more than 85 security standards and compliance certifications for global jurisdictions, such as GDPR in Europe, the U.S. HIPAA for healthcare, the U.S. Federal Risk and Authorization Management Program (FedRAMP), and Singapore's Multi-tier Cloud Security (MTCS) standard.
All of these features provide inherent security and compliance at the infrastructure layer to our applications running in AWS.
For clarity, our applications themselves are currently not certified for these standards and compliance protocols. That being said, our team's expertise ensures that we adhere to industry best practices, while AWS infrastructure provides us with a solid, secure and compliant foundation to build on.
Data Security
Access to your data is controlled by stringent access control mechanisms. Only authorized personnel have access to the data.
Payment Processing
DulyPaid does not store or process any payment or credit card information on our own servers. We use Stripe with Chargebee as our billing system. Chargebee is PCI-DSS Level 1 certified. The Payment Card Industry Data Security Standard (PCI-DSS) provides a framework for developing a robust security process for credit card transactions.
More about Chargebee Security & Compliance
Accounting Software Integrations & Security
We integrate with accounting software through industry-standard OAuth authentication flows. This mode of integration follows best practices recommended by the accounting software vendors themselves. Here are the salient features of our integrations:
- We use OAuth2 authentication to integrate with accounting software (such as Xero, QuickBooks, etc.)
- We do not ask for, fetch or store your accounting software login credentials. Instead, as part of the OAuth flow, you authorize our application through your accounting software so that we get the required access to your invoicing data
- OAuth tokens are encrypted multiple times before being placed in our secure storage
- You can disconnect/revoke access to DulyPaid from your accounting software
- You can disconnect or pause accounting software integration from DulyPaid's account settings as well
- Disconnecting/deleting your integration will revoke and remove OAuth tokens from our systems
Backup
To protect against data loss, all data is regularly backed up in multiple locations and is securely stored (encrypted). In the event of a system failure or disaster, these backups ensure data can be quickly restored with minimal downtime.
Login Security
Our software incorporates strong login security measures, including two-factor authentication (2FA) and complex password requirements. These measures protect against unauthorized access and secure your account even further.
Your Trust is Our Priority
We're committed to maintaining the highest level of security and reliability for our clients. If you have any concerns or questions about our security measures, please feel free to contact us.